def load_security_information(self, manifest_or_legacy_image, include_vulnerabilities=False): status = registry_model.get_security_status(manifest_or_legacy_image) if status is None: return SecurityInformationLookupResult.with_status( ScanLookupStatus.UNKNOWN_MANIFEST_OR_IMAGE) if status == SecurityScanStatus.FAILED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.FAILED_TO_INDEX) if status == SecurityScanStatus.UNSUPPORTED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.UNSUPPORTED_FOR_INDEXING) if status == SecurityScanStatus.QUEUED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED) assert status == SecurityScanStatus.SCANNED try: if include_vulnerabilities: data = self._legacy_secscan_api.get_layer_data( manifest_or_legacy_image, include_vulnerabilities=True) else: data = self._legacy_secscan_api.get_layer_data( manifest_or_legacy_image, include_features=True) except APIRequestFailure as arf: return SecurityInformationLookupResult.for_request_error(str(arf)) if data is None: # If no data was found but we reached this point, then it indicates we have incorrect security # status for the manifest or legacy image. Mark the manifest or legacy image as unindexed # so it automatically gets re-indexed. if self.app.config.get("REGISTRY_STATE", "normal") == "normal": registry_model.reset_security_status(manifest_or_legacy_image) return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED) return SecurityInformationLookupResult.for_data( SecurityInformation.from_dict(data))
def load_security_information(self, manifest_or_legacy_image, include_vulnerabilities=False): if not isinstance(manifest_or_legacy_image, ManifestDataType): return None status = None try: status = ManifestSecurityStatus.get( manifest=manifest_or_legacy_image._db_id) except ManifestSecurityStatus.DoesNotExist: return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED) if status.index_status == IndexStatus.FAILED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.FAILED_TO_INDEX) if status.index_status == IndexStatus.MANIFEST_UNSUPPORTED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.UNSUPPORTED_FOR_INDEXING) if status.index_status == IndexStatus.IN_PROGRESS: return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED) assert status.index_status == IndexStatus.COMPLETED try: report = self._secscan_api.vulnerability_report( manifest_or_legacy_image.digest) except APIRequestFailure as arf: return SecurityInformationLookupResult.for_request_error(str(arf)) if report is None: return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED) # TODO(alecmerdler): Provide a way to indicate the current scan is outdated (`report.state != status.indexer_hash`) return SecurityInformationLookupResult.for_data( SecurityInformation( Layer(report["manifest_hash"], "", "", 4, features_for(report))))
def load_security_information(self, manifest_or_legacy_image, include_vulnerabilities=False): status = registry_model.get_security_status(manifest_or_legacy_image) if status is None: return SecurityInformationLookupResult.with_status( ScanLookupStatus.UNKNOWN_MANIFEST_OR_IMAGE) if status == SecurityScanStatus.FAILED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.FAILED_TO_INDEX) if status == SecurityScanStatus.UNSUPPORTED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.UNSUPPORTED_FOR_INDEXING) if status == SecurityScanStatus.QUEUED: return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED) assert status == SecurityScanStatus.SCANNED try: if include_vulnerabilities: data = self._legacy_secscan_api.get_layer_data( manifest_or_legacy_image, include_vulnerabilities=True) else: data = self._legacy_secscan_api.get_layer_data( manifest_or_legacy_image, include_features=True) except APIRequestFailure as arf: return SecurityInformationLookupResult.for_request_error(str(arf)) if data is None: return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED) return SecurityInformationLookupResult.for_data( SecurityInformation.from_dict(data))
def load_security_information(self, manifest_or_legacy_image, include_vulnerabilities): manifest = manifest_or_legacy_image.as_manifest() info = self._model.load_security_information(manifest, include_vulnerabilities) if info.status != ScanLookupStatus.NOT_YET_INDEXED: return info legacy_info = self._legacy_model.load_security_information( manifest_or_legacy_image, include_vulnerabilities) if legacy_info.status != ScanLookupStatus.UNSUPPORTED_FOR_INDEXING: return legacy_info return SecurityInformationLookupResult.with_status( ScanLookupStatus.NOT_YET_INDEXED)